The host is installed with PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9 or 9.1 before 9.1.5 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue. Successful exploitation allows remote authenticated users to determine the existence of arbitrary files or URLs and possibly obtain file or URL content that triggers a parsing error.